New VCE and PDF – You can prepare Cisco 642-618 exam in an easy way with Cisco 642-618 questions and answers. By training our Cisco 642-618 vce dumps with all the latest questions, you can pass the exam in the first attempt.
Exam A
QUESTION 1
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 2
Which three Cisco ASA configuration commands are used to enable the Cisco ASA to log only the debug output to syslog? (Choose three.)
A. logging list test message 711001
B. logging debug-trace
C. logging trap debugging
D. logging message 711001 level 7
E. logging trap test
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 3
By default, how does the Cisco ASA authenticate itself to the Cisco ASDM users?
A. The administrator validates the Cisco ASA by examining the factory built-in identity certificate thumbprint of the Cisco ASA.
B. The Cisco ASA automatically creates and uses a persistent self-signed X.509 certificate to authenticate itself to the administrator.
C. The Cisco ASA automatically creates a self-signed X.509 certificate on each reboot to authenticate itself to the administrator.
D. The Cisco ASA and the administrator use a mutual password to authenticate each other.
E. The Cisco ASA authenticates itself to the administrator using a one-time password.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 4
When will a Cisco ASA that is operating in transparent firewall mode perform a routing table lookup instead of a MAC address table lookup to determine the outgoing interface of a packet?
A. if multiple context mode is configured
B. if the destination MAC address is unknown
C. if the destination is more than a hop away from the Cisco ASA
D. if NAT is configured
E. if dynamic ARP inspection is configured
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 5
Which Cisco ASA feature is implemented by the ip verify reverse-path interface interface_name command?
A. uRPF
B. TCP intercept
C. botnet traffic filter
D. scanning threat detection
E. IPS (IP audit)
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 6
In one custom dynamic application, the inside client connects to an outside server using TCP port 4444 and negotiates return client traffic in the port range of 5000 to 5500. The server then starts streaming UDP data to the client on the negotiated port in the specified range. Which Cisco ASA feature or command supports this custom dynamic application?
A. TCP normalizer
B. TCP intercept
C. ip verify command
D. established command
E. tcp-map and tcp-options commands
F. set connection advanced-options command
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 7
Refer to the exhibit.
Which statement about the Telnet session from 10.0.0.1 to 172.26.1.200 is true?
A. The Telnet session should be successful.
B. The Telnet session should fail because the route lookup to the destination fails.
C. The Telnet session should fail because the inside interface inbound access list will block it.
D. The Telnet session should fail because no matching flow was found.
E. The Telnet session should fail because inside NAT has not been configured.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 8
Refer to the exhibit.
On Cisco ASA Software Version 8.3 and later, which two sets of CLI configuration commands result from this Cisco ASDM configuration? (Choose two.)
A. nat (inside) 1 10.1.1.10 global (outside) 1 192.168.1.1
B. nat (outside) 1 192.168.1.1 global (inside 1 10.1.1.10
C. static(inside,outside) 192.168.1.1 10.1.1.10 netmask 255.255.255.255 tcp 0 0 udp 0
D. static(inside,outside) tcp 192.168.1.1 80 10.1.1.10 80
E. object network 192.168.1.1 nat (inside,outside) static 10.1.1.10
F. object network 10.1.1.10 nat (inside,outside) static 192.168.1.1
G. access-list outside_access_in line 1 extended permit tcp any object 10.1.1.10 eq http access-group outside_access_in in interface outside
H. access-list outside_access_in line 1 extended permit tcp any object 192.168.1.1 eq http access-group outside_access_in in interface outside
Correct Answer: FG Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 9
Refer to the exhibit.
Which corresponding Cisco ASA Software Version 8.3 command accomplishes the same Cisco ASA Software Version 8.2 NAT configuration?
A. nat (any,any) dynamic interface
B. nat (any,any) static interface
C. nat (inside,outside) dynamic interface
D. nat (inside,outside) static interface
E. nat (outside,inside) dynamic interface
F. nat (outside,inside) static interface
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 10
Refer to the exhibit.
Which traffic is permitted on the inside interface without any interface ACLs configured?
A. any IP traffic input to the inside interface
B. any IP traffic input to the inside interface destined to any lower security level interfaces
C. only HTTP traffic input to the inside interface
D. only HTTP traffic output from the inside interface E. No input traffic is permitted on the inside interface. F. No output traffic is permitted on the inside interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 11
On Cisco ASA Software Version 8.4.1 and later, when you configure the Cisco ASA appliance in transparent firewall mode, how is the Cisco ASA management IP address configured?
A. using the IP address global configuration command
B. using the IP address GigabitEthernet 0/x interface configuration command
C. using the IP address BVI x interface configuration command
D. using the bridge-group global configuration command
E. using the bridge-group GigabitEthernet 0/x interface configuration command
F. using the bridge-group BVI x interface configuration command
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 12
Refer to the exhibit.
Which Cisco ASA CLI nat command is generated based on this Cisco ASDM NAT configuration?
A. nat (dmz, outside) 1 source static any any
B. nat (dmz, outside) 1 source static any outside
C. nat (dmz,outside) 1 source dynamic any interface
D. nat (dmz, outside) 1 source static any interface destination static any any
E. nat (dmz, outside) 1 source dynamic any outside destination static any any
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 13
Refer to the exhibit.
Which additional Cisco ASA Software Version 8.3 NAT configuration is needed to meet the following requirements?
When any host in the 192.168.1.0/24 subnet behind the inside interface accesses any destinations in the 10.10.1.0/24 subnet behind the outside interface, PAT them to the outside interface. Do not change the destination IP in the packet.
A. nat (inside,outside) source static inside-net interface destination static outhosts outhosts
B. nat (inside,outside) source dynamic inside-net interface destination static outhosts outhosts
C. nat (outside,inside) source dynamic inside-net interface destination static outhosts outhosts
D. nat (outside,inside) source static inside-net interface destination static outhosts outhosts
E. nat (any, any) source dynamic inside-net interface destination static outhosts outhosts
F. nat (any, any) source static inside-net interface destination static outhosts outhosts
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 14
On Cisco ASA Software Version 8.3 and later, which two statements correctly describe the NAT table or NAT operations? (Choose two.)
A. The NAT table has four sections.
B. Manual NAT configurations are found in the first (top) and/or the last (bottom) section(s) of the NAT table.
C. Auto NAT also is referred to as Object NAT.
D. Auto NAT configurations are found only in the first (top) section of the NAT table.
E. The order of the NAT entries in the NAT table is not relevant to how the packets are matched against the NAT table.
F. Twice NAT is required for hosts on the inside to be accessible from the outside.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 15
The Cisco ASA software image has been erased from flash memory. Which two statements about the process to recover the Cisco ASA software image are true? (Choose two.)
A. Access to the ROM monitor mode is required.
B. The Cisco ASA appliance must have connectivity to the TFTP server where the Cisco ASA image is stored through the Management 0/0 interface.
C. The copy tftp flash command is necessary to start the TFTP file transfer.
D. The server command is necessary to set the TFTP server IP address.
E. Cisco ASA password recovery must be enabled.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 16
Which two Cisco ASA licensing features are correct with Cisco ASA Software Version 8.3 and later? (Choose two.)
A. Identical licenses are not required on the primary and secondary Cisco ASA appliance.
B. Cisco ASA appliances configured as failover pairs disregard the time-based activation keys.
C. Time-based licenses are stackable in duration but not in capacity.
D. A time-based license completely overrides the permanent license, ignoring all permanently licensed features until the time-based license is uninstalled.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 17
For which purpose is the Cisco ASA CLI command aaa authentication match used?
A. Enable authentication for SSH and Telnet connections to the Cisco ASA appliance.
B. Enable authentication for console connections to the Cisco ASA appliance.
C. Enable authentication for connections through the Cisco ASA appliance.
D. Enable authentication for IPsec VPN connections to the Cisco ASA appliance.
E. Enable authentication for SSL VPN connections to the Cisco ASA appliance.
F. Enable authentication for Cisco ASDM connections to the Cisco ASA appliance.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 18
Which option is one requirement before a Cisco ASA appliance can be upgraded from Cisco ASA Software Version 8.2 to 8.3?
A. Remove all the pre 8.3 NAT configurations in the startup configuration.
B. Upgrade the memory on the Cisco ASA appliance to meet the memory requirement of Cisco ASA Software Version 8.3.
C. Request new Cisco ASA licenses to meet the 8.3 licensing requirement.
D. Upgrade Cisco ASDM to version 6.2.
E. Migrate interface ACL configurations to include interface and global ACLs.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 19
Refer to the partial Cisco ASA configuration and the network topology shown in the exhibit.
Which two Cisco ASA configuration commands are required so that any hosts on the Internet can HTTP to the WEBSERVER using the 192.168.1.100 IP address? (Choose two.)
A. nat (inside,outside) static 192.168.1.100
B. nat (inside,outside) static 172.31.0.100
C. nat (inside,outside) static interface
D. access-list outside_access_in extended permit tcp any object 172.31.0.100 eq http
E. access-list outside_access_in extended permit tcp any object 192.168.1.100 eq http
F. access-list outside_access_in extended permit tcp any object 192.168.1.1 eq http
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Explanation:
QUESTION 20
Which two statements about Cisco ASA 8.2 NAT configurations are true? (Choose two.)
A. NAT operations can be implemented using the NAT, global, and static commands.
B. If nat-control is enabled and a connection does not need a translation, then an identity NAT configuration is required.
C. NAT configurations can use the any keyword as the input or output interface definition.
D. The NAT table is read and processed from the top down until a translation rule is matched.
E. Auto NAT links the translation to a network object.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
Cisco 642-618 Questions and Answers Products basically comprise of the simulated Cisco 642-618 exam questions AND their most correct answers,accompanied with a methodical elucidation of the Cisco 642-618 answers and the probable wrong answers.The extent to which Cisco 642-618 Questions and Answers Products cover their Cisco subject is so thorough,that once you are done with a Cisco product, passing the Cisco 642-618 exam in first attempt should be a piece of cake.